Solved

Dropping Aironet device tanks SQL comms

Posted on 2013-06-11
7
297 Views
Last Modified: 2015-06-22
Have a very strange network issue that I have not been able to track down. I was tasked with replacing an older aironet device with a newer device. I have the new device up and running, however when I drop power to the old device, within seconds the company's main line of business application goes down with issues talking to the SQL back end. Power up the Aironet, problem disappears.

Topology:
2k8r2 server, dc, running hyperV, dhcp server, dns server  at .3 on the scope
2k8r2 VM, dc, running MS SQL 2008 at .4 on the scope
2k8r2 VM, member server, running an app not yet deployed to floor at .6 on scope
Aironet 1200 series at .242 on scope,
( I didn't design it, I just service it, so be kind on your criticism)

Captures on the server links showed only one comm to the Aironet Ethernet address, that being a single ping. There does seem to be an increased amount of Arp traffic on the servers when the device is dropped. Hooked up a workstation on the ip  to see if there was any traffic targeting that address. Only comms seen in the packet trace were DNS queries and some RDP traffic back to one of the servers. I need to repeat this experiment, as the system seemed to operate with the workstation holding the 242 address open, however there is a gray area from when I dropped the address and started seeing the failure again.

The devices talking via the wireless on the floor are milling machines, wnd there does not seem to be any push communications that would require a constant link. (in addition, all the mills appear to be routing through the new aironet, leaving only someone's droid on the old system)
0
Comment
Question by:box-bb-car
7 Comments
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
Comment Utility
Maybe the device at .242 is doing ICMP redirect or proxy ARP for some weird traffic?
Search the registry of the SQL server for the IP address, maybe you get something useful?
Mirror the port on the switch, capture traffic with a linux+wireshark combo, to make sure you capture everything?

Interesting, anyway... :)

Tamas
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
Is the old one the default gateway for something?
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
As TimotiSt said, the Aironet AP is probably running Proxy-ARP.

For some strange reason, Aironet APs run Proxy-ARP by default in some firmware versions.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:box-bb-car
Comment Utility
Never thought about the proxy arp. Would explain the increased around on the server. Am also looking at the virtual switching/networking as am seeing some event log entries with the mac mapping. Mirroring the ports not an option with what they have in place, will have to see if I can get a temp device in. Thanks all, will update when I get a chance to try these suggestions
0
 

Author Comment

by:box-bb-car
Comment Utility
Arp may or may not have been the cause, probably will never know, as problem resolved after I flushed the arp caches on reboot and left the device off . Sill going to award points at least for the effort
0
 

Author Closing Comment

by:box-bb-car
Comment Utility
As stated, cannot prove this was the answer, but am awarding points
0
 

Author Comment

by:box-bb-car
Comment Utility
Update on this issue. Though the accepted solution did give brief relief, the issue raised it's ugly head again several months later. The client had since hired an in house IT person, however the issue was beyond his expertise and we were called in to assist. During the subsequent investigation (over a period of two days) we were able to further characterize this issue, and discovered a flood of discovery packets from a recently added MakerBot. It gave the appearance that we had a small workgroup switch had gone awry and was flooding the network. The in house IT swapped out the switch and removed the makerbot driver from all units to verify we did not see the flood again. Late that same day the issue occurred again. The in house IT had initiated a couple of coops tracing down and identifying cable runs, and during their plugging and unplugging, the net had gone down, and they discovered a previously unknown piece of equipment on the network. The device had been hidden underneath a wire bundle, and had been put into place by one of the machine vendors to translate RS232 coming from the machines to ethernet. In looking up the specs on the device, we discovered that of the two ports on the device, one was for uplink to the network, the other was for daisy chaining subsequent devices. The Vendor had plugged both into the local switch creating a broadcast loop. If ANY device on that switch restarted, the suspect device, essentially a hub, would broadcast, hear it's broadcast and repeat, in a loop flooding the network. It would create so much traffic that it would overwhelm the virtual switches in HyperV, shutting down access to all servers on the host. The Makerbot broadcasts, even though not attached to the same switch initiate the same affect through the device. We have since superseded the in house personnel and have a more controlled grasp on network operations.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now